
Re: Script for sniffing traffic.

Hi comaX, many thanks for this wonderful script. I have read through all 18 pages of comments and also watched the video. I have downloaded and installed the script on my machine. Everything seems to run smoothly; however, when I log in to twitter / hotmail (I am manually typing the login / password) I do not get these captured. Please note that I have also used the yamas -e option too. I am sure there are some settings on my machine which need to be fixed but I just do not know which need fixing.

Re: Script for sniffing traffic.

Since when can mon0 not associate with an AP? All monitor mode does is enable the ability to sniff raw packet frames from the ether. This is the first I ever heard about monitor mode decreasing functionality...

World Domination is such an ugly phrase. I prefer the term World Optimization.

Re: Script for sniffing traffic.

Originally Posted by hannah

Hi comaX, many thanks for this wonderful script. I have read through all 18 pages of comments and also watched the video. I have downloaded and installed the script on my machine. Everything seems to run smoothly; however, when I log in to twitter / hotmail (I am manually typing the login / password) I do not get these captured. Please note that I have also used the yamas -e option too. I am sure there are some settings on my machine which need to be fixed but I just do not know which need fixing.

Hi, thanks for reading it all before posting, even I wouldn't go this far. You say it doesn't work for hotmail / twitter. Does it work for others? Have you tried in private browsing mode to avoid anything being transmitted via cookies for instance? Did you make sure you were not on an https connection? Some sites like gmail enforce this type of connection, rendering sslstrip/ettercap useless.
Since you're using ettercap, have you tried using sslstrip?

As for the mon0/wlan0, it's not really relevant here. Indeed I don't think you can associate with an AP in monitor mode, but what you can do is be connected with wlan0 to an AP, and have a pseudo-interface mon0 in monitor mode. In a nutshell, mon0 itself doesn't connect, but the wireless interface can be connected, and in monitor mode.
But once again, I don't really see how that is relevant here, so unless you guys explain in more detail, let's just forget that.

I have some more ideas, but more troubling too, so I'll wait for your feedback before conjecturing horrid stuff.

//

I'll risk getting my ass kicked because it's absolutely irrelevant to Backtrack, but there is this project I started that needs help growing: http://msimdb.comax.fr It's a database of movie quotes in music. It suffers greatly from content and anything non-metal. So if you guys are willing to help in any way you can think of, I'll be super glad! Mods, sorry for doing this.
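An added example, not part of comaX's post or of the yamas script: a site-owner's check of whether a response actually enforces HTTPS, which is the condition the post says defeats stripping. It assumes the enforcement mechanism is HSTS (RFC 6797) plus `Secure` cookies, which the thread does not name; `audit_response`, `parse_hsts` and the sample responses are constructed for illustration.

```python
# Added example. All responses below are constructed, not captured traffic.
REDIRECTS = (301, 302, 303, 307, 308)

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797) into a policy dict."""
    policy = {"max_age": None, "include_subdomains": False}
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name, arg = name.strip().lower(), arg.strip().strip('"')
        if name == "max-age" and arg.isdigit():
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    return policy

def audit_response(scheme, status, headers):
    """Return downgrade-related findings for one response (headers: list of pairs)."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    location = next((v for k, v in headers if k.lower() == "location"), "")
    if scheme == "http":
        if status in REDIRECTS and location.lower().startswith("https://"):
            findings.append("upgrade relies on a redirect sent over plain HTTP")
        else:
            findings.append("content served over plain HTTP")
        if hsts:  # browsers only honour HSTS received over a secure transport
            findings.append("HSTS header over HTTP is ignored by browsers")
        return findings
    policy = parse_hsts(hsts[0]) if hsts else None
    if policy is None or not policy["max_age"]:  # max-age=0 deletes the policy
        findings.append("no effective HSTS policy")
    elif not policy["include_subdomains"]:
        findings.append("HSTS does not cover subdomains")
    for k, v in headers:
        if k.lower() == "set-cookie":
            attrs = [a.strip().lower() for a in v.split(";")[1:]]
            if "secure" not in attrs:
                findings.append("cookie %s lacks Secure" % v.split("=", 1)[0].strip())
    return findings

SAMPLES = {  # constructed responses
    "hardened": ("https", 200, [("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
                                ("Set-Cookie", "sid=abc; Secure; HttpOnly")]),
    "no_hsts": ("https", 200, [("Set-Cookie", "sid=abc; HttpOnly")]),
    "http_only": ("http", 200, [("Strict-Transport-Security", "max-age=31536000")]),
    "redirect": ("http", 301, [("Location", "https://example.test/")]),
}

if __name__ == "__main__":
    for name, resp in SAMPLES.items():
        print(name, audit_response(*resp))
```

An empty list for the HTTPS response is the state in which a returning browser never issues the plain-HTTP request at all.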

Re: Script for sniffing traffic.

Originally Posted by comaX

Hi, thanks for reading it all before posting, even I wouldn't go this far. You say it doesn't work for hotmail / twitter. Does it work for others? Have you tried in private browsing mode to avoid anything being transmitted via cookies for instance? Did you make sure you were not on an https connection? Some sites like gmail enforce this type of connection, rendering sslstrip/ettercap useless.
Since you're using ettercap, have you tried using sslstrip?

BTW: I am running version 20120213

First of all, I have tried both options with yamas, I mean the default, which is with sslstrip, and with yamas -e (which activates ettercap). I have now used a browser with all cookies cleared. I have tried https and http authentication sites.

Password box does not show me anything.

I am sure this script works, as it's working with everyone else, as it seems. Is there a debug option in this script? The help file does not say if there is any. Any idea will be appreciated.

@ShadowMaster
Now in regards to the mon0 issue, what I meant was that you cannot get an IP address from an AP through mon0. Hence no gateway, and this script is not going to work. Please correct me if I am wrong here.

Re: Script for sniffing traffic.

@comaX Ideas are always welcome, no matter how troubling they may be.

@hannah Why not do what comaX said, which is what I meant, just in more detail? Basically associate with wlan0 and create a pseudo-interface mon0? Also, setting your own default gateway is really not hard... route gw {ip} or something very similar, don't remember offhand, sorry. I'd be more worried about the no IP, which is also easy to set...


Re: Script for sniffing traffic.

Originally Posted by ShadowMaster

@comaX Ideas are always welcome, no matter how troubling they may be.

The troubling idea would be that they changed the authentication process and I might have to change the parser, which was a pain in the arse back then, and now that I don't have everything in mind, I fear it would be again, with the necessity to first understand what I wrote back then... So yeah, it's troubling.

@Hannah: you didn't tell me if it worked for other sites or not. Are you using a local connection page maybe? (fr.msn.com; us.msn.com... I just made them up, but you know what I mean)

Re: Script for sniffing traffic.

comaX, I know that feel, bro. I am writing a perl script to help with ASM ghostwriting automation, and since I don't really know perl, and refuse to write it in py, I basically lost track of the number of times I've had to rewrite portions and figure out what I wanted to do with them. Incidentally, anyone who knows perl and is willing to help would be amazing. I don't want to post it in the forums until it's done though.


Re: Script for sniffing traffic.

@Hannah: you didn't tell me if it worked for other sites or not. Are you using a local connection page maybe? (fr.msn.com; us.msn.com... I just made them up, but you know what I mean)

No, so far it did not work for any other sites either. Yes, I have tried sites like http://www.backtrack-linux.org/ as well, which is not https. Anyway, is there any config file (e.g. etter.conf) I need to manually change, or does your script do that automatically?

What I am thinking now is to get sslstrip / ettercap manually working on my machine and then proceed.